1. Field of the Invention
This invention relates to the filed of portable personal computers and more particularly to systems for maintaining data security in a portable digital information environment.
2. Prior Art
The security of personal information has always been concern. Historically, it has been safeguarded through the use of signatures, credentials and photographs. Electronic devices such as automatic banking machines have added encoded cards and personal identification numbers (PINs) to the repertoire of security tools. Computers continue to use passwords.
More recently, the "Smart Card" has been used as a security tool. The "Smart Card" is a small microcomputer with writable, non-volatile memory and a simple input/output interface, fabricated as a single chip and embedded in a plastic "credit card". It has exterior pins to allow it be connected to specially designed equipment. The program contained in the card's microcomputer interacts with this equipment and allows its non-volatile memory data to be read or modified according to a desired algorithm which may optionally include a password exchange. Special techniques have been implemented to protect the memory data and to allow permission variations according to the situation. For example, U.S. Pat. No 4,382,279 entitled, "Single Chip Microprocessor with On-Chip Modifiable Memory" discloses an architecture which permits automatic programming of a non-volatile memory which is included on the same chip as a processing and control unit. As in other systems, the microprocessor only protects memory on the same chip.
The "Smart Card" has been used both to facilitate the process of identification and to be the actual site of the valued information. In this situation, as in most prior situations, physical presence of a "key" as well as some special knowledge has been used as part of the verification or authentication process. In such cases, identification has involved a dialog between the person desiring access and a fixed agent such as a security guard and an automatic teller machine.
The current state of portability of free standing computing devices makes it possible for both the physical key and the authentication agent to be small, portable and hence more subject to loss or theft. Further, computing devices make it possible to perform repeated attempts to guess or deduce the special knowledge or passwords associated with the identification process. This is especially true if the authentication agent or device is also under the control of the thief. To make matters worse, technology now allows and encourages the carrying of enormous amounts of sensitive information on one's person where it is subject to mishap.
Also, today's notebook and subnotebook sized computers provide a free standing environment having significant computing power which has created a need for additional data storage capability. This need has initially been met by miniature hard disk devices which can hold both programs and data. While password protection is often used in these systems, it does not completely protect sensitive data because, first, the authentication agent is vulnerable. But, more significantly, the disk device containing the data can be physically removed and accessed in a setting more conducive to analysis. In this case, data has been protected by employing some form of encryption. The nature of disk access makes this possible without encountering undue cost or performance barriers. An example of this type of system is described in U.S. Pat. No. 4,985,920 entitled "Integrated Circuit Card".
The recent emergence of the flash memory and removable "memory cards" have allowed major reductions in size and power requirements of the portable of the portable computer. The flash memory combines the flexibility of random access memories (RAMs) with the permanence of disks. Today, the combining of these technologies allows up to 20 million bytes of data to be stored without power, in a credit card size removable package. This data can be made to appear to a host system either as if it were stored on a conventional disk drive or if it were stored in an extension of the host system's memory.
These technological developments have made further reductions in system size possible to the extent that the system and data including programs can be carried on one's person. This has made the data, programs and its host system more vulnerable to loss or theft and also more difficult to protect memory data by encryption since this presents major cost and performance barriers.
Accordingly, it is a primary object of the present invention to provide a portable digital system with a secure memory subsystem.
It is a further object of the present invention to provide a memory card whose contents can be protected if removed from a portable digital system.
It is a more specific object of the present invention to provide a secure memory subsystem which can be used to protect the complete operating environment required in running an application.